Your point is taken, not all security work is oppressive. And my comment was calculated to be over the top.

The narrower point being, of course, if you're involved in work that supports Constitutional violations, you should think about what you're doing. Hard. Because if your work supports these things, then you're destroying what you probably signed up to protect. Probably not your fault, the mission was hijacked. But now there's no way to pretend. So think about it, and ideally, act.

And if you're just designing tollbooth security, then thanks for your service. :)

> The narrower point being, of course, if you're involved in work that supports Constitutional violations, you should think about what you're doing. Hard.

Well, even things like PRISM have valid Constitutional and national security usages. Things like metadata collection have been allowed for decades as well, under the auspices of valid law enforcement investigations.

Holding all Internet traffic in a buffer for 5 years? Collecting all email metadata that passes by? Now that's getting risky, but how many people do you think are actually involved in that? And why is that less dangerous than CALEA (something which DEFCON didn't kick out the Feds for...)?

If you flip the concept to instead be "could what I'm working on possibly be used for oppression" then there are a lot more government workers than you might think that would have to be introspective.

It has the worse effect of muddying lines of responsibility ("I couldn't have done this bad thing if $FOO hadn't build it!"), which is another path we don't want to go down... the same logic that blames the analyst for creating a process with valid purpose and bad effect could be used to blame the HR rep for hiring the analyst, or the janitor for keeping his workspace clean. And all the while we should be pointing our fingers at the person who actually did something wrong!